| Message ID | 20190819161204.3106-4-robh@kernel.org |
|---|---|
| State | New |
| Headers | show |
| Series | panfrost: Locking fixes | expand |
On 19/08/2019 17:12, Rob Herring wrote: > This fixes 2 issues found by lockdep. First, drm_gem_shmem_purge() > now uses mutex_trylock for the pages_lock to avoid a circular > dependency. NIT: This is in the previous patch. > Second, it drops the call to panfrost_mmu_unmap() which takes several > locks due to runtime PM calls. The call is not necessary because the > unmapping is also called in panfrost_gem_close() already. I could be completely mistaken here, but don't we need to unmap the memory from the GPU here because the backing is free? The panfrost_gem_close() call could come significantly later, by which time a malicious user space could have run some jobs on the GPU to take a look at what those mappings now point to (quite likely some other processes memory). So this looks to me like a crafty way of observing 'random' memory in the system. Steve > Fixes: 013b65101315 ("drm/panfrost: Add madvise and shrinker support") > Cc: Tomeu Vizoso <tomeu.vizoso@collabora.com> > Cc: David Airlie <airlied@linux.ie> > Cc: Daniel Vetter <daniel@ffwll.ch> > Signed-off-by: Rob Herring <robh@kernel.org> > --- > drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c | 15 ++------------- > 1 file changed, 2 insertions(+), 13 deletions(-) > > diff --git a/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c b/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c > index d191632b6197..cc15005dc68f 100644 > --- a/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c > +++ b/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c > @@ -36,17 +36,6 @@ panfrost_gem_shrinker_count(struct shrinker *shrinker, struct shrink_control *sc > return count; > } > > -static void panfrost_gem_purge(struct drm_gem_object *obj) > -{ > - struct drm_gem_shmem_object *shmem = to_drm_gem_shmem_obj(obj); > - mutex_lock(&shmem->pages_lock); > - > - panfrost_mmu_unmap(to_panfrost_bo(obj)); > - drm_gem_shmem_purge_locked(obj); > - > - mutex_unlock(&shmem->pages_lock); > -} > - > static unsigned long > panfrost_gem_shrinker_scan(struct shrinker *shrinker, struct shrink_control *sc) > { > @@ -61,8 +50,8 @@ panfrost_gem_shrinker_scan(struct shrinker *shrinker, struct shrink_control *sc) > list_for_each_entry_safe(shmem, tmp, &pfdev->shrinker_list, madv_list) { > if (freed >= sc->nr_to_scan) > break; > - if (drm_gem_shmem_is_purgeable(shmem)) { > - panfrost_gem_purge(&shmem->base); > + if (drm_gem_shmem_is_purgeable(shmem) && > + drm_gem_shmem_purge(&shmem->base)) { > freed += shmem->base.size >> PAGE_SHIFT; > list_del_init(&shmem->madv_list); > } >
diff --git a/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c b/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c index d191632b6197..cc15005dc68f 100644 --- a/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c +++ b/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c @@ -36,17 +36,6 @@ panfrost_gem_shrinker_count(struct shrinker *shrinker, struct shrink_control *sc return count; } -static void panfrost_gem_purge(struct drm_gem_object *obj) -{ - struct drm_gem_shmem_object *shmem = to_drm_gem_shmem_obj(obj); - mutex_lock(&shmem->pages_lock); - - panfrost_mmu_unmap(to_panfrost_bo(obj)); - drm_gem_shmem_purge_locked(obj); - - mutex_unlock(&shmem->pages_lock); -} - static unsigned long panfrost_gem_shrinker_scan(struct shrinker *shrinker, struct shrink_control *sc) { @@ -61,8 +50,8 @@ panfrost_gem_shrinker_scan(struct shrinker *shrinker, struct shrink_control *sc) list_for_each_entry_safe(shmem, tmp, &pfdev->shrinker_list, madv_list) { if (freed >= sc->nr_to_scan) break; - if (drm_gem_shmem_is_purgeable(shmem)) { - panfrost_gem_purge(&shmem->base); + if (drm_gem_shmem_is_purgeable(shmem) && + drm_gem_shmem_purge(&shmem->base)) { freed += shmem->base.size >> PAGE_SHIFT; list_del_init(&shmem->madv_list); }
This fixes 2 issues found by lockdep. First, drm_gem_shmem_purge() now uses mutex_trylock for the pages_lock to avoid a circular dependency. Second, it drops the call to panfrost_mmu_unmap() which takes several locks due to runtime PM calls. The call is not necessary because the unmapping is also called in panfrost_gem_close() already. Fixes: 013b65101315 ("drm/panfrost: Add madvise and shrinker support") Cc: Tomeu Vizoso <tomeu.vizoso@collabora.com> Cc: David Airlie <airlied@linux.ie> Cc: Daniel Vetter <daniel@ffwll.ch> Signed-off-by: Rob Herring <robh@kernel.org> --- drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-)